EIP-2026-107859
PRE-CVEInout Mobile Webmail APP - Persistent Cross-Site Scripting
Title source: legacyExploitation Summary
EIP tracks 1 public exploit for EIP-2026-107859. PoCs published by Vulnerability-Lab.
AI-analyzed exploit summary The document describes multiple persistent XSS vulnerabilities in Inout Mobile Webmail APP, specifically in the 'New Mail' and 'Contacts' modules. The vulnerabilities allow remote attackers to inject malicious script code via the 'To', 'Cc', and 'Bcc' parameters.
Description
Inout Mobile Webmail APP - Persistent Cross-Site Scripting
Exploits (1)
exploitdb
WRITEUP
by Vulnerability-Lab · textwebappsphp
https://www.exploit-db.com/exploits/20346
The document describes multiple persistent XSS vulnerabilities in Inout Mobile Webmail APP, specifically in the 'New Mail' and 'Contacts' modules. The vulnerabilities allow remote attackers to inject malicious script code via the 'To', 'Cc', and 'Bcc' parameters.
Classification
Writeup 90%
Attack Type
Xss
Complexity
Trivial
Reliability
Reliable
Target:
Inout Mobile Webmail APP 2012
Auth required
Prerequisites:
Privileged user account · User interaction to view malicious email
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
Details
Status
pre_cve
Tracked Since
Feb 18, 2026